Encryption in Transit
All data between your browser, our servers, and third-party providers is encrypted using TLS 1.3. Connections that do not meet this standard are rejected.
Encryption at Rest
Your data — including call records, transcripts, and account information — is stored with AES-256 encryption at rest via Supabase (PostgreSQL on AWS).
Access Controls
Service-role credentials and API keys are never exposed to the browser. Admin and client dashboards use separate authentication paths. All privileged operations require server-side authorization checks.
Trusted Infrastructure
VocaDent is built on infrastructure operated by Supabase, Vercel, Twilio, Stripe, and ElevenLabs — each of which maintains their own security certifications and undergoes independent audits.
Minimal Data Retention
Call recordings and transcripts are retained for up to 90 days. Raw caller phone numbers are masked in the dashboard. Service keys are scoped to the minimum permissions required.
Incident Response
If we become aware of a security incident affecting your data, we will notify affected customers within 72 hours of confirmation and provide a summary of what happened and what we did about it.
Trusted vendor stack
We rely on providers that invest heavily in security and undergo independent audits. Click any vendor to review their own security documentation.
Found a security issue?
If you discover a vulnerability in VocaDent, please report it responsibly. We ask that you do not publicly disclose the issue until we have had a reasonable time to investigate and address it.
whudd2006@gmail.com →